Advisory: Cross-site Scripting in Securimage 3.6.2 RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Securimage CAPTCHA software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details ======= Product: Securimage Affected Versions: >= 3.2RC1 Fixed Versions: 3.6.4 Vulnerability Type: Cross-site Scripting Security Risk: high Vendor URL: http://ift.tt/1VyBKT7 Vendor Status: fixed version released Advisory URL: http://ift.tt/1S2KAmt Advisory Status: published CVE: GENERIC-MAP-NOMATCH CVE URL: http://ift.tt/1jQGmEN Introduction ============ "Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. It can be easily added into existing forms on your website to provide protection from spam bots. It can run on most any web server as long as you have PHP installed, and GD support within PHP. Securimage does everything from generating the CAPTCHA images to validating the typed code. Audible codes can be streamed to the browser with Flash for the vision impaired." (from the project's homepage) More Details ============ The Securimage download package and GitHub repository include several example scripts to demonstrate the usage of the library. Among these scripts is the file example_form.ajax.php. It returns JavaScript code that includes an unencoded value from the variable $_SERVER['PHP_SELF'] directly embedded into the website. In Securimage versions from 3.2RC1 to 3.5 the following code is vulnerable:
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment